OpenStack ManualsOpenStack Cloud Administrator Guide  - current

  Atom feed of this document
  
 
 Load Balancer-as-a-Service and Firewall-as-a-Service

The NSX LBaaS and FWaaS services use the standard OpenStack API with the exception of requiring routed-insertion extension support.

The main differences between the NSX implementation and the community reference implementation of these services are:

  1. The NSX LBaaS and FWaaS plug-ins require the routed-insertion extension, which adds the router_id attribute to the VIP (Virtual IP address) and firewall resources and binds these services to a logical router.

  2. The community reference implementation of LBaaS only supports a one-arm model, which restricts the VIP to be on the same subnet as the back-end servers. The NSX LBaaS plug-in only supports a two-arm model between north-south traffic, which means that you can create the VIP on only the external (physical) network.

  3. The community reference implementation of FWaaS applies firewall rules to all logical routers in a tenant, while the NSX FWaaS plug-in applies firewall rules only to one logical router according to the router_id of the firewall entity.

 

Procedure 7.6. To configure Load Balancer-as-a-Service and Firewall-as-a-Service with NSX:

  1. Edit /etc/neutron/neutron.conf file:

    core_plugin = neutron.plugins.vmware.plugin.NsxServicePlugin
# Note: comment out service_plug-ins. LBaaS & FWaaS is supported by core_plugin NsxServicePlugin
# service_plugins =

  2. Edit /etc/neutron/plugins/vmware/nsx.ini file:

    In addition to the original NSX configuration, the default_l3_gw_service_uuid is required for the NSX Advanced plug-in and you must add a vcns section:

    [DEFAULT]
    nsx_password = admin
    nsx_user = admin
    nsx_controllers = 10.37.1.137:443
    default_l3_gw_service_uuid = aae63e9b-2e4e-4efe-81a1-92cf32e308bf
    default_tz_uuid = 2702f27a-869a-49d1-8781-09331a0f6b9e

    [vcns]

    # VSM management URL
    manager_uri = https://10.24.106.219

    # VSM admin user name
    user = admin

    # VSM admin password
    password = default

    # UUID of a logical switch on NSX which has physical network connectivity (currently using bridge transport type)
    external_network = f2c023cf-76e2-4625-869b-d0dabcfcc638

    # ID of deployment_container on VSM. Optional, if not specified, a default global deployment container is used

    # deployment_container_id =

    # task_status_check_interval configures status check interval for vCNS asynchronous API. Default is 2000 msec.

    # task_status_check_interval =
Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page
Legal notices
loading table of contents...